PT-2010-4679 · Microsoft · Office SharePoint Server+3

Published 2010-10-13 · Updated 2024-10-17 · CVE-2010-3243

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Explorer version 8
Microsoft Windows SharePoint Services versions 3.0 SP2
Microsoft Office SharePoint Server versions 2007 SP2

Description

The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. It stems from an information disclosure vulnerability in the way HTML is filtered, which could enable cross-site scripting attacks. An attacker who successfully exploits it could carry out a cross-site scripting attack on the user, executing script in the user's security context against a site that uses the toStaticHTML API.

Recommendations

For Microsoft Internet Explorer version 8, update to a version that includes the fix for the HTML Sanitization Vulnerability.
For Microsoft Windows SharePoint Services versions 3.0 SP2, apply the necessary security patches to address the information disclosure vulnerability.
For Microsoft Office SharePoint Server versions 2007 SP2, consider disabling the toStaticHTML function as a temporary workaround until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2010-3243

Affected Products

Internet Explorer
Office SharePoint Server
SharePoint Server
Windows SharePoint Services